California University of Pennsylvania



California University of PADept. of Computer Science, Info Systems, and Engineering Technology ________________________________________________________________________CET440 Computer NetworkingProf SumeyFall 2020 Research Project Synopsis Kevin Andor ScutaruAustin Hendricks Alexander NewellDate Submitted: 11/30/2020Table of ContentsSection Title……………………………………………………………………....Page NumberIntroduction……………………………………………………………………..…….…….…03What is Universal Plug and Play?..…...…………………………………………...…………03History of Universal Plug and Play………………………………...…………...……………04Disadvantages…………………………………………….………....…………………………06How to activate/deactivate………...……………………………….…………………………06Conclusion…………………………………………………………..…………………………10IntroductionIn Computer Networking there are many ways to communicate with other devices, one such method is Universal Plug and Play (UPnP). UPnP essentially allows devices to seamlessly discover and connect over a network and is used in many avenues of networking, such as streaming services (i.e. Apple TV), video game connections through the internet, communication between digital home assistants, and Internet of Things (IoT) devices. UPnP has advantages and disadvantages depending on what it is used for and how it is implemented. This paper will explore the concepts of Universal Plug and Play and its utility for Computer Networking.What is Universal Plug and PlayUniversal Plug and Play or UPnP is a network protocol that a vast majority of people have used without ever knowing it. In the ever-increasing age of smart devices coming into our homes, we are seeing a rise in the usage of Universal Plug and Play because to put it simply it's how these new devices connect to your home network and communicate with one another. These types of devices that use UPnP could be anything from using a wireless speaker, a wireless printer, or just about any other smart device you may have at your house. The terminology plug and play is referring to how when you get a new device and plug it into power it on, the device is capable of accessing your network and communicates with the other devices on the network. On the user end, this process is simple as it requires no work on the user side. However, on the device side, it must go through a handful of steps to achieve a status where it is ready for full use. Once the device is powered on it will be able to connect to the network. From there the device will acquire an Internet Protocol (IP) address to use as its own unless it can communicate over another means like Bluetooth or Bluetooth of Radio Frequency Identification (RFID). Next, the device will get a name and appear on the network it is connected to. Finally, from there the device can contact other devices on the same network for communication.The "Universal" term in Universal Plug and Play refers to the fact that the UPnP devices can use any operating system and programming language. The networking media used with UPnP devices is independent as well as they do not use device drivers but use common protocols instead. These features are what allow UPnP devices to be flexible and work universally.History of Universal Plug and PlayUniversal Plug and Play has a long and interesting history filled with a multitude of events that range from upgrades to negatively received issues. The UPnP Forum was originally established in October 1999 as an industry initiative that had the involvement of a large number of leading companies in computing, printing, networking, and consumer electronics such as home appliances, security, automation, and mobile products. The Federal Bureau of Investigation's (FBI) National Infrastructure Protection Center (NIPC) told all users to disable UPnP as a result of a buffer overflow in Windows XP that was allegedly caused by UPnP in 2001. The FBI's NIPC later issued a corrective statement saying that UPnP was not actually the cause of the overflow error and the error was eventually fixed by a patch.Apple Inc. introduced an Internet Engineering Task Force (IETF) draft in 2005 that contained a competing solution called Network Address Translation Port Mapping Protocol (NAT-PMP) that was used in the UPnP Internet Gateway (IGD) standard’s WAN IP Connection services even though it only focused on GNAT traversal. On July 12, 2006, the UPnP Forum released version 2 of the specifications for UPnP Audio and Video. This new version added enhancements to the MediaServer and MediaRender device classes, allowing better interoperability between products that were produced by different companies. Since 2006, versions 3 and 4 of the UPnP video/audio control protocols were published. In 2008 UPnP was published as a 73-part international standard. An updated UPnP AV specification that incorporated enhanced device control protocols was rolled out in March of 2013. During the fall of 2008, The UPnP Forum decided on the official successor for UPnP 1.0 which was UPnP 1.1 even though at the time the Forum was also looking into the Devices Profile for Web Services (DPWS) as a potential successor. During this year, the Flash UPnP Attack also occurred. It was a custom-made Flash applet that created a web page inside your internet browser that could send a UPnP request straight to your router to ask it to forward ports. On some older routers, it could change the primary Domain Name System (DNS) server with one of the UPnP requests, meaning the current DNS could be changed to a malicious DNS meant to redirect your web traffic to fraudulent sites. Many older routers are still vulnerable to this type of attack. A researcher by the name of Daniel Garcia created a tool meant to exploit a flaw in some UPnP IGD device stacks that allow Internet based UPnP requests. The tool was released to the public in 2011 to allow port mapping requests to external IP addresses from devices and internal IP addresses. In the year 2013, Rapid7, a security company based in Boston Massachusetts, finished conducting and reported on a research project spanning over a six-month time frame. During this experiment, they scanned for signals of UPnP-enabled devices that were accepting Internet connections. An approximate 6900 products from 1500 companies at 81 million IP-address were found readily available to accept the Internet connections, many of which could be accessed using the UPnP protocol (Universal Plug and Play 2020.) In response, the UPnP forum recommended in a press release that users update to the most recent versions of the UPnP stacks and they would improve the certification program to include checks to limit future issues. The UPnP Forum assigned its assets over to the Open Connectivity Foundation (OCF) on January 1, 2016. In June 2020, CallStranger, a protocol design flaw, was brought to light. This flaw allowed attackers to get around the event subscription mechanism to conduct several types of attacks to include enumeration, data exfiltration, and increased requests used for DDoS attempts. The OCF had released the fix to the protocol specification in April 2020 before CallStranger was discovered but it takes an increased amount of time to upgrade some UPnP devices, so it remains an issue.DisadvantagesUPnP lends itself to be a very convenient tool, allowing users to easily communicate to another device without manual setup. Unfortunately, there are quite a few negatives to using/enabling UPnP that are almost completely unavoidable due to the nature of UPnP. Since UPnP works by by-passing the firewall, anyone can abuse it once they find the device on the network. This includes viruses, worms, trojan horses, and more.How to activate/deactivateMany devices have the capability to use Universal Plug and Play. Changing the setting on the devices that control the UPnP option is rather simple. Below are some examples of how to adjust that setting on different devices. To deactivate UPnP just follow the generalized steps to reach the settings and turn off the puter running Windows 7-10: In order to activate Universal Plug and Play capabilities on a computer first open up the computer's Control Panel. Then on the control panel screen open up the Network and Internet window. From there go the computers Network and Sharing Center. On the left side of the Network and Sharing Center window click on the Change advanced sharing settings button. Finally, on this window in the Network Discovery section (as seen below in fig.1 (How to enable UPnP in Windows 2020)) select the desired choice to turn on or off Universal Plug and Play capabilities and save your changes.Figure SEQ Figure \* ARABIC 1Home/Office Router: The following instructions will use an Xfinity router connected to a Windows computer as an example, but the instructions should be similar across most routers (NOTE: method of accessing router settings may differ between routers). First, open the command prompt and retrieve the Default Gateway of the router by typing in the command ipconfig (as seen in fig. 2). Then in the web browser of your choice, type in the Default Gateway (10.0.0.1 for this example) and hit enter on the keyboard.Figure SEQ Figure \* ARABIC 2A prompt should appear asking for a username and password to access your router’s settings. Enter your username and password here and the settings screen should appear. Under the Advanced tab, go to the Device Discovery settings (may be listed as UPnP on other routers). The option to enable UPnP should appear on-screen (see fig. 3). Figure SEQ Figure \* ARABIC 3Xbox/Playstation Video Game Console: These video game consoles are rather simple to set up their UPnP settings. The Playstation console automatically detects the network settings you are currently using and applies them, so to change the Network Address Translation (NAT) setting the user simply needs to make sure that the settings on the router they are using are set for UPnP and the Playstation will copy that over and have an Open NAT setting. The Xbox console will also have UPnP automatically enabled from the router however it can be tested to ensure it's been switched to an Open NAT setting and switch it if not. First, the user will need to open the settings from the menu button. Then from the Networks option locate and select the Setup New Wireless Network option. Finally select Test NAT Type (as seen below in fig. 4 (Arrows, How to Enable UPnP 'Universal Plug n Play'? 2020)) and it will detect the enabled UPnP settings and switch over to an Open NAT setting if it has not already done so.Figure SEQ Figure \* ARABIC 4409575000ConclusionIn the age we live in we are surrounded by smart devices and technology. These devices have many ways to connect including Universal Plug and Play (UPnP). UPnP lets devices seamlessly connect to one another automatically over a network but with some security risks. UPnP is still growing and developing so we could see a time that it becomes entirely safe to use. While there are both pros and cons to using Universal Plug and Play it ultimately comes down to the user to make an educated decision on what they are most comfortable with using for their network.ReferencesOCF - UPnP Standards & Architecture. (2020, April 24). Retrieved November 18, 2020, from , P. (2020, November 16). What is UPnP or Universal Plug and Play? Retrieved November 18, 2020, from , A. (2020, June 20). What is UPnP & Why is it Dangerous?. Retrieved November 18, 2020, from , C. (2019, October 24). Is UPnP a Security Risk? Retrieved November 18, 2020, from Plug and Play. (2020, November 15). Retrieved November 18, 2020, from , D., & Whitepaper, C. (2020, August 19). What is UPnP and is it Safe? Retrieved November 29, 2020, from , T. (2011, March 24). What is Universal Plug and Play (UPnP)? - Definition from . Retrieved November 29, 2020, from . (2008, October 15). UPnP Device Architecture 1.0. Retrieved from , K. (2020, April 23). How to Enable UPnP 'Universal Plug n Play'? Retrieved November 30, 2020, from to enable UPnP in Windows. (2020, April 30). Retrieved November 30, 2020, from ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download